CVE-2008-5402

Description

Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."

Affected products

• cerulean_studios / trillian0.50 – 0.50
• cerulean_studios / trillian0.52 – 0.52
• cerulean_studios / trillian0.60 – 0.60
• cerulean_studios / trillian0.61 – 0.61
• cerulean_studios / trillian0.62 – 0.62
• cerulean_studios / trillian0.63 – 0.63
• cerulean_studios / trillian0.70 – 0.70
• cerulean_studios / trillian0.71 – 0.71
• cerulean_studios / trillian0.72 – 0.72
• cerulean_studios / trillian0.73 – 0.73
• cerulean_studios / trillian0.74 – 0.74
• cerulean_studios / trillian0.74c – 0.74c
• cerulean_studios / trillian0.74d – 0.74d
• cerulean_studios / trillian0.74e – 0.74e
• cerulean_studios / trillian0.74f – 0.74f
• cerulean_studios / trillian0.74g – 0.74g
• cerulean_studios / trillian0.74i – 0.74i
• cerulean_studios / trillian0.635 – 0.635
• cerulean_studios / trillian0.725 – 0.725
• cerulean_studios / trillian0.6351 – 0.6351
• cerulean_studios / trillian1.0 – 1.0
• cerulean_studios / trillian1.0 – 1.0
• cerulean_studios / trillian2.0 – 2.0
• cerulean_studios / trillian2.0 – 2.0
• cerulean_studios / trillian2.1 – 2.1
• cerulean_studios / trillian3.0 – 3.0
• cerulean_studios / trillian3.0 – 3.0
• cerulean_studios / trillian3.0 – 3.0
• cerulean_studios / trillian3.1 – 3.1
• cerulean_studios / trillian3.1 – 3.1
• cerulean_studios / trillian3.1 – 3.1
• cerulean_studios / trillian3.1.0.120 – 3.1.0.120
• cerulean_studios / trillian3.1.0.121 – 3.1.0.121
• cerulean_studios / trillian3.1.5.0 – 3.1.5.0
• cerulean_studios / trillian3.1.5.1 – 3.1.5.1
• cerulean_studios / trillian3.1.6.0 – 3.1.6.0
• cerulean_studios / trillian3.1.7.0 – 3.1.7.0
• cerulean_studios / trillian3.1.8.0 – 3.1.8.0
• cerulean_studios / trillian3.1.9.0 – 3.1.9.0
• cerulean_studios / trillian3.1.9.0 – 3.1.9.0
• cerulean_studios / trillian3.1.9.0 – 3.1.9.0
• cerulean_studios / trillian3.1.10.0 – 3.1.10.0
• cerulean_studios / trillian3.1.11.0 – 3.1.11.0
• cerulean_studios / trillian_pro
• cerulean_studios / trillian_pro1.0 – 1.0
• cerulean_studios / trillian_pro2.0 – 2.0
• cerulean_studios / trillian_pro2.01 – 2.01
• cerulean_studios / trillian_pro3.0 – 3.0
• cerulean_studios / trillian_pro3.1.5.0 – 3.1.5.0
• cerulean_studios / trillian_pro3.1_build_121 – 3.1_build_121
• ceruleanstudios / trillian
• ceruleanstudios / trillian3.1.0.9 – 3.1.0.9
• ceruleanstudios / trillian3.1.9.0 – 3.1.9.0
• ceruleanstudios / trillian_pro
• ceruleanstudios / trillian_pro3.1.9.0 – 3.1.9.0

References

• MISChttp://securityreason.com/securityalert/4701
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/47098
• MISChttp://www.securitytracker.com/id?1021334
• MISChttp://osvdb.org/50473
• MISChttp://www.securityfocus.com/bid/32645
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2008/3348
• VENDOR_ADVISORYhttp://www.zerodayinitiative.com/advisories/ZDI-08-078
• MISChttp://www.securityfocus.com/archive/1/498933/100/0/threaded
• VENDOR_ADVISORYhttp://secunia.com/advisories/33001
• MISChttp://blog.ceruleanstudios.com/?p=404